Kaspersky Lab says that a new cyberespionage campaign dubbed “Operation Parliament” is targeting high profile organisations from around the world with a focus on the Middle East and North Africa.
It said during its Cyber Security Weekend for the Middle East, Turkey and Africa, that the attacks have been active since 2017 and have targeted top legislative, executive and judicial powers, including but not limited to governmental and large private entities from the region.
Company experts have detected victims in 27 countries thus far.
Kaspersky Lab experts believe that “Operation Parliament” represents a new geopolitically motivated threat actor that is highly active and skilled.
Attackers are also believed to have access to an elaborate database of contacts for sensitive organisations and personnel worldwide, especially of non-trained staff.
Victims of the attacks include government entities, political figures, military and intelligence agencies, media outlets, research centers, Olympic foundations and large private companies, it said.
Based on the findings, the attackers infiltrated their victims using malware that provides them with a remote cmd/powershell terminal that enables them to execute any scripts/commands and receive the result through http requests.
“The attacks have taken great care to stay under the radar and have used techniques to verify victims devices before infiltrating them,” Kaspersky Lab said.
“We are witnessing higher sophistication and smarter techniques used by attackers and it doesn’t look like they will stop or slow down anytime soon.”